首页 发现 帮助
登录
GfA
/
linux_kernel
5
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

ext2: reject inodes with negative size

Don't load an inode with a negative size; this causes integer overflow
problems in the VFS.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Darrick J. Wong 8 年之前
父节点
c3b004460d
当前提交
b46dc03381
共有 1 个文件被更改,包括 4 次插入0 次删除
合并视图 显示文件统计
  1. 4 0
      fs/ext2/inode.c

+ 4 - 0
fs/ext2/inode.c
查看文件 

@@ -1476,6 +1476,10 @@ struct inode *ext2_iget (struct super_block *sb, unsigned long ino)
 
 		inode->i_size |= ((__u64)le32_to_cpu(raw_inode->i_size_high)) << 32;
 
 		inode->i_size |= ((__u64)le32_to_cpu(raw_inode->i_size_high)) << 32;
 
 	else
 
 	else
 
 		ei->i_dir_acl = le32_to_cpu(raw_inode->i_dir_acl);
 
 		ei->i_dir_acl = le32_to_cpu(raw_inode->i_dir_acl);
 
+	if (i_size_read(inode) < 0) {
 
+		ret = -EFSCORRUPTED;
 
+		goto bad_inode;
 
+	}
 
 	ei->i_dtime = 0;
 
 	ei->i_dtime = 0;
 
 	inode->i_generation = le32_to_cpu(raw_inode->i_generation);
 
 	inode->i_generation = le32_to_cpu(raw_inode->i_generation);
 
 	ei->i_state = 0;
 
 	ei->i_state = 0;